Explained: How does Tel2 protect against Toll Fraud?
Matthew Atkinson
Last Update 10 months ago
Toll fraud is a major problem affecting the VOIP market and at Tel2 we take fraud very seriously. That is why we provide many techniques and options to mitigate and avoid fraud.
Connectivity Control
Tel2 have 'NAT' handling techniques which mean that VOIP clients and SIP trunks can operate behind routers and firewalls without the need for setting up 'port forwarding' on customer network devices. We never recommend that users set up port forwarding rules, as this can expose their VOIP device to the public internet, and it will be only a matter of time before hackers are attacking your systems and looking for ways to compromise them. If you think you need port forwarding in place for your VOIP device to work, then please speak to our Team first, as it is likely that you don't need to do this and there will be a better solution.
You can also run a SIP trunk to Tel2 using a 'Registered SIP trunk', meaning that you do not need to set up 'SIP peering' to IP addresses etc. Almost all PBX systems today can operate in registration mode and do not need static IP peering to work.
TLS Support
Tel2 support 'TLS' to encrypt all SIP traffic to our platforms. We recommend using TLS on your VOIP device or PBX if this is supported, as this will encrypt all SIP traffic, including authentication information, with our systems. Encrypting the SIP traffic also stops 'SIP ALG (Application Layer Gateways)' and other firewall features from 'interfering' with the SIP traffic - and more often than not messing things up for your VOIP traffic. If TLS is supported for your SIP transport then enable it!
Call Encryption Support (SRTP)
Tel2 also support SRTP (Secure RTP) if you wish to encrypt all of your voice data as well - not all devices support this, but it's recommended that you enable it if possible so that all of your VOIP data is encrypted.
Access Control Lists
Access Control Lists are available to customers in the 'Profiles' section of our web portal, which allow customers to 'lock down' which IP addresses or subnets are permitted to connect to our network on their account. If the customer has a static IP address and VOIP devices that do not 'move around' the internet, then we recommend that an access control list is applied to the customer's account.
Tel2 Server Protection
We employ a variety of methods to swiftly thwart attacks on our platforms, responding within seconds. Upon detecting password hacking attempts or recognizing 'known' login patterns originating from SIP hacking tools, we promptly block all traffic from the associated IP addresses. Our systems successfully fend off hundreds of such attacks weekly, ensuring the safety of customer accounts.
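The kind of check described above can be sketched as follows. This is an added example, not Tel2's own code: the log format, the `ExampleScanner` signature, the thresholds and the addresses (documentation ranges) are all constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Constructed log format: "<epoch> <src-ip> <event> user=<ext> ua=\"<agent>\"".
# AUTH_FAIL means credentials were supplied and rejected; the routine SIP 401
# challenge that precedes every digest login is assumed not to be logged as a failure.
LINE = re.compile(r'(?P<ts>\d+) (?P<src>\S+) (?P<event>\w+) user=(?P<user>\S+) ua="(?P<ua>[^"]*)"')
TOOL_UA = re.compile(r"scanner", re.I)  # hypothetical tool signature

SAMPLE_LOG = "\n".join(
    [f'{1700000000 + i * 5} 198.51.100.7 AUTH_FAIL user=10{i} ua="DeskPhone/2.1"' for i in range(5)]
    + [
        '1700000003 203.0.113.9 AUTH_FAIL user=201 ua="DeskPhone/2.1"',
        '1700000009 203.0.113.9 REGISTER_OK user=201 ua="DeskPhone/2.1"',
        '1700000020 192.0.2.44 AUTH_FAIL user=100 ua="ExampleScanner/0.1"',
    ]
)


def find_blocks(log_text, max_fails=5, window=60):
    """Return {source_ip: reason} for addresses that should be blocked."""
    recent = defaultdict(deque)  # src ip -> timestamps of recent auth failures
    blocked = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["src"] in blocked:
            continue
        ts, src = int(m["ts"]), m["src"]
        if TOOL_UA.search(m["ua"]):
            blocked[src] = "tool signature"  # block on first sight of a known tool
        elif m["event"] == "AUTH_FAIL":
            q = recent[src]
            q.append(ts)
            while q and ts - q[0] > window:  # keep only failures inside the window
                q.popleft()
            if len(q) >= max_fails:
                blocked[src] = "password guessing"
    return blocked


if __name__ == "__main__":
    for ip, reason in find_blocks(SAMPLE_LOG).items():
        print(ip, reason)
```

A single mistyped password followed by a successful registration (203.0.113.9 in the sample) stays below the threshold and is not blocked.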
Tel2's applications and phones are automatically configured to utilize secure encrypted traffic when connecting to our network. Our Microsoft Teams SBC platforms exclusively communicate with Microsoft's SBCs globally, with traffic restricted from any other sources.
Maintaining a proactive stance on security, Tel2 continually monitors vulnerabilities in our Operating Systems and Platforms. In the event of identifying vulnerable software posing a potential risk to our platforms, immediate patching measures are implemented to fortify our defenses.
Call Analysis
Tel2 utilizes intelligent heuristics to monitor calling activity across all customer accounts. In the presence of unusual calling behavior on an account, a temporary block on overseas calling is implemented until the issue has been thoroughly investigated and resolved.
Tel2 categorizes countries into distinct risk bands, enforcing rules to regulate the volume of calls permitted to destinations on an hourly and daily basis. The allowable number of calls to a destination is contingent upon its risk level, determined through an analysis of historical data on customer accounts to establish normal calling behavior.
Our systems operate 24/7 and are capable of swiftly blocking abnormal calling behavior within seconds. Whether the activity occurs during the night or day, our systems promptly detect and implement protective measures to block such calls.
Tel2 maintains a comprehensive list of 'Blacklisted' destinations and prefixes known to be exploited by hackers, ensuring these calls are never allowed through the network. Additionally, incoming calls from known hacker-associated numbers and ranges are systematically blocked.
In assessing the source of attacks, Tel2 can apply distinct rules. For instance, calls originating from outside the United Kingdom may be assigned a higher 'risk' factor, allowing tailored security measures for those connections.
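A minimal sketch of how risk bands, hourly and daily call limits, blacklisted prefixes and a source-based risk factor can combine into one admission decision. It is an added example, not Tel2's implementation: the band names, limits, prefixes and the halving rule for higher-risk sources are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed policy: bands, limits and prefixes below are illustrative values only.
BAND_LIMITS = {"low": (60, 300), "medium": (20, 60), "high": (3, 10)}  # (per hour, per day)
PREFIX_BAND = {"44": "low", "999": "medium"}  # dialled prefix -> band (placeholder data)
BLOCKED_PREFIXES = ("99988",)                 # placeholder "blacklisted" range
HOUR, DAY = 3600, 86400


def risk_band(number):
    """Longest-prefix match on the dialled digits; unknown destinations count as high risk."""
    for length in range(len(number), 0, -1):
        band = PREFIX_BAND.get(number[:length])
        if band:
            return band
    return "high"


class CallGate:
    def __init__(self):
        self.history = defaultdict(deque)  # (account, band) -> times of admitted calls

    def admit(self, account, number, now, foreign_source=False):
        """Return 'allowed' or a 'blocked: ...' reason for one call attempt at time `now`."""
        if number.startswith(BLOCKED_PREFIXES):
            return "blocked: blacklisted prefix"
        band = risk_band(number)
        per_hour, per_day = BAND_LIMITS[band]
        if foreign_source:  # assumption: halve the allowance for higher-risk sources
            per_hour, per_day = max(1, per_hour // 2), max(1, per_day // 2)
        calls = self.history[(account, band)]
        while calls and now - calls[0] >= DAY:  # forget calls older than a day
            calls.popleft()
        if sum(1 for t in calls if now - t < HOUR) >= per_hour:
            return f"blocked: hourly limit for {band} band"
        if len(calls) >= per_day:
            return f"blocked: daily limit for {band} band"
        calls.append(now)
        return "allowed"
```

Blocked attempts are not added to the history, so an account recovers its allowance as soon as earlier calls age out of the hourly or daily window.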
Call Control
Tel2 offers its customers a range of options to manage the types of calls permitted on their accounts. Customers can enhance security by applying PIN codes to outgoing calls, necessitating a PIN before initiating a call to a designated destination. Users can opt to apply a PIN to:
- All Calls
- All Toll Calls
- All overseas calls
- All overseas calls to 'expensive' destinations
Alternatively, users have the flexibility to block all overseas calls or specifically 'expensive' overseas calls (typically exceeding 30 cents per minute).
For added control, users can implement 'Access Control Lists' on their profiles, ensuring that calls are restricted to specific IP addresses or subnets.
Call Spend Control
Tel2 operates on a prepaid model for its customers, meaning that once the account balance is depleted, calls cannot proceed. This serves as an effective deterrent to fraud, automatically halting any fraudulent activity if funds are unavailable.
To further control spending, customers can set 'maximum topup amounts' and 'maximum weekly topup amounts' on their auto topup settings, imposing limits on the total expenditure for calls on any account.
As a default measure, we enforce hourly and daily spend limits on all accounts. If an account surpasses a specified spending threshold within a given hour or day, we automatically halt further spending on that account. This precautionary measure minimizes potential damage resulting from fraudulent attacks on a customer's systems.